hxxps://dash[.]dimayastrebov[.]website/

Analysis

max time kernel
600s
max time network
601s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
20/04/2024, 22:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://dash.dimayastrebov.website/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
5052	msedge.exe
5052	msedge.exe
4092	msedge.exe
4092	msedge.exe
5032	identity_helper.exe
5032	identity_helper.exe
5688	msedge.exe
5688	msedge.exe
5688	msedge.exe
5688	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4092 wrote to memory of 4712	4092	msedge.exe	87
PID 4092 wrote to memory of 4712	4092	msedge.exe	87
PID 4092 wrote to memory of 3884	4092	msedge.exe	88
PID 4092 wrote to memory of 3884	4092	msedge.exe	88
PID 4092 wrote to memory of 3884	4092	msedge.exe	88
PID 4092 wrote to memory of 3884	4092	msedge.exe	88
PID 4092 wrote to memory of 3884	4092	msedge.exe	88
PID 4092 wrote to memory of 3884	4092	msedge.exe	88
PID 4092 wrote to memory of 3884	4092	msedge.exe	88
PID 4092 wrote to memory of 3884	4092	msedge.exe	88
PID 4092 wrote to memory of 3884	4092	msedge.exe	88
PID 4092 wrote to memory of 3884	4092	msedge.exe	88
PID 4092 wrote to memory of 3884	4092	msedge.exe	88
PID 4092 wrote to memory of 3884	4092	msedge.exe	88
PID 4092 wrote to memory of 3884	4092	msedge.exe	88
PID 4092 wrote to memory of 3884	4092	msedge.exe	88
PID 4092 wrote to memory of 3884	4092	msedge.exe	88
PID 4092 wrote to memory of 3884	4092	msedge.exe	88
PID 4092 wrote to memory of 3884	4092	msedge.exe	88
PID 4092 wrote to memory of 3884	4092	msedge.exe	88
PID 4092 wrote to memory of 3884	4092	msedge.exe	88
PID 4092 wrote to memory of 3884	4092	msedge.exe	88
PID 4092 wrote to memory of 3884	4092	msedge.exe	88
PID 4092 wrote to memory of 3884	4092	msedge.exe	88
PID 4092 wrote to memory of 3884	4092	msedge.exe	88
PID 4092 wrote to memory of 3884	4092	msedge.exe	88
PID 4092 wrote to memory of 3884	4092	msedge.exe	88
PID 4092 wrote to memory of 3884	4092	msedge.exe	88
PID 4092 wrote to memory of 3884	4092	msedge.exe	88
PID 4092 wrote to memory of 3884	4092	msedge.exe	88
PID 4092 wrote to memory of 3884	4092	msedge.exe	88
PID 4092 wrote to memory of 3884	4092	msedge.exe	88
PID 4092 wrote to memory of 3884	4092	msedge.exe	88
PID 4092 wrote to memory of 3884	4092	msedge.exe	88
PID 4092 wrote to memory of 3884	4092	msedge.exe	88
PID 4092 wrote to memory of 3884	4092	msedge.exe	88
PID 4092 wrote to memory of 3884	4092	msedge.exe	88
PID 4092 wrote to memory of 3884	4092	msedge.exe	88
PID 4092 wrote to memory of 3884	4092	msedge.exe	88
PID 4092 wrote to memory of 3884	4092	msedge.exe	88
PID 4092 wrote to memory of 3884	4092	msedge.exe	88
PID 4092 wrote to memory of 3884	4092	msedge.exe	88
PID 4092 wrote to memory of 5052	4092	msedge.exe	89
PID 4092 wrote to memory of 5052	4092	msedge.exe	89
PID 4092 wrote to memory of 3284	4092	msedge.exe	90
PID 4092 wrote to memory of 3284	4092	msedge.exe	90
PID 4092 wrote to memory of 3284	4092	msedge.exe	90
PID 4092 wrote to memory of 3284	4092	msedge.exe	90
PID 4092 wrote to memory of 3284	4092	msedge.exe	90
PID 4092 wrote to memory of 3284	4092	msedge.exe	90
PID 4092 wrote to memory of 3284	4092	msedge.exe	90
PID 4092 wrote to memory of 3284	4092	msedge.exe	90
PID 4092 wrote to memory of 3284	4092	msedge.exe	90
PID 4092 wrote to memory of 3284	4092	msedge.exe	90
PID 4092 wrote to memory of 3284	4092	msedge.exe	90
PID 4092 wrote to memory of 3284	4092	msedge.exe	90
PID 4092 wrote to memory of 3284	4092	msedge.exe	90
PID 4092 wrote to memory of 3284	4092	msedge.exe	90
PID 4092 wrote to memory of 3284	4092	msedge.exe	90
PID 4092 wrote to memory of 3284	4092	msedge.exe	90
PID 4092 wrote to memory of 3284	4092	msedge.exe	90
PID 4092 wrote to memory of 3284	4092	msedge.exe	90
PID 4092 wrote to memory of 3284	4092	msedge.exe	90
PID 4092 wrote to memory of 3284	4092	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://dash.dimayastrebov.website/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff93e8946f8,0x7ff93e894708,0x7ff93e894718
  2⤵
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1956,3306572523893913272,6974590855624920077,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1996 /prefetch:2
  2⤵
  PID:3884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1956,3306572523893913272,6974590855624920077,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1956,3306572523893913272,6974590855624920077,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
  2⤵
  PID:3284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,3306572523893913272,6974590855624920077,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:2480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,3306572523893913272,6974590855624920077,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:456
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1956,3306572523893913272,6974590855624920077,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 /prefetch:8
  2⤵
  PID:3216
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1956,3306572523893913272,6974590855624920077,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,3306572523893913272,6974590855624920077,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3988 /prefetch:1
  2⤵
  PID:3488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,3306572523893913272,6974590855624920077,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
  2⤵
  PID:996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,3306572523893913272,6974590855624920077,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:3568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,3306572523893913272,6974590855624920077,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
  2⤵
  PID:2548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1956,3306572523893913272,6974590855624920077,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5328 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1956,3306572523893913272,6974590855624920077,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6004 /prefetch:8
  2⤵
  PID:5868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,3306572523893913272,6974590855624920077,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
  2⤵
  PID:5976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,3306572523893913272,6974590855624920077,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
  2⤵
  PID:6064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,3306572523893913272,6974590855624920077,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
  2⤵
  PID:5328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,3306572523893913272,6974590855624920077,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:5260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,3306572523893913272,6974590855624920077,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
  2⤵
  PID:5312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,3306572523893913272,6974590855624920077,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3976 /prefetch:1
  2⤵
  PID:2132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,3306572523893913272,6974590855624920077,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3112 /prefetch:1
  2⤵
  PID:5700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,3306572523893913272,6974590855624920077,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
  2⤵
  PID:5692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,3306572523893913272,6974590855624920077,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
  2⤵
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,3306572523893913272,6974590855624920077,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4256 /prefetch:1
  2⤵
  PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1956,3306572523893913272,6974590855624920077,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5884 /prefetch:8
  2⤵
  PID:2128

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:392

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2740

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cff358b013d6f9f633bc1587f6f54ffa

SHA1
6cb7852e096be24695ff1bc213abde42d35bb376

SHA256
39205cdf989e3a86822b3f473c5fc223d7290b98c2a3fb7f75e366fc8e3ecbe9

SHA512
8831c223a1f0cf5f71fa851cdd82f4a9f03e5f267513e05b936756c116997f749ffa563623b4724de921d049de34a8f277cc539f58997cda4d178ea205be2259

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dc629a750e345390344524fe0ea7dcd7

SHA1
5f9f00a358caaef0321707c4f6f38d52bd7e0399

SHA256
38b634f3fedcf2a9dc3280aa76bd1ea93e192200b8a48904664fac5c9944636a

SHA512
2a941fe90b748d0326e011258fa9b494dc2f47ac047767455ed16a41d523f04370f818316503a5bad0ff5c5699e92a0aaf3952748b09287c5328354bfa6cc902

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\9ad8a026-b058-48e3-a508-5c8fa5fd096e.tmp

Filesize
6KB

MD5
be338a3538005f6b099d9b87ed710c3a

SHA1
ac240f24219e589a4469363cb94f3d6e3c914093

SHA256
6beb679b768d7d0e2e57a22383d663251dc7d62e4105bd721a527f4c0216bc90

SHA512
8f5948f0dfe1e6bcda9e9ba0da8ef31cda42c9137dd408bc79b03352913ec74db33e3be9a7e6548366de2841b6f07ee2997e0806b8102c207726ddecc9919f78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
16KB

MD5
48342f85265e1ef95883b48352d8a901

SHA1
4aca39aa1a6059cd73a3c6c8e8db6e704d5f6172

SHA256
8d42979137cc37cb51593048aa96e73d7035948b75d4152fcd352052fb3c49ed

SHA512
f4364fb9fc2cf1ac1515eb217819b2109eb8b6ef323bbeecbf28639edac525e8919f764b131418c5f3bf757a8b7be712afeaf0f76716f57dae8c5c3be61e778f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
70KB

MD5
c6deaa7536f0505028aa8ba4c9c9d059

SHA1
e14c1d858d6b9c8d95da144fc0c88df3bbf8c4e9

SHA256
c317c5783c06295d90e0da32d1b1523e244c3402ef90e1372ec9b36194334999

SHA512
2a95afd54a788e164fbc616f4450ef834a213c9ed99d9613612dd64c517d03d5d1aeb5ba1d7465cfc18a120b23ae884267abae824e4008a5ddf9e31c06870c33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\761de77cd7142268_0

Filesize
212B

MD5
047a6a49bf3a630edab402080cb660da

SHA1
4894d02d2d7f381801fc4855c074930bf3822201

SHA256
595efec65b6bea6a6a05a71380f2888ff72a80d3caa85677c102f6a82ee5e97d

SHA512
668d4faed1800c6fb932c872639c532d90cebc7fbeaa22576473e6f4a5c01d279f72524f9dee56baffc90f432395a572ad8fae9644b65af8243030bc68a9dd15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\761de77cd7142268_0

Filesize
212B

MD5
d7b6a1e870a4a71bf97de51bb78eaba7

SHA1
141c884f2faea206018ebc2b7d2ed69031b4b06d

SHA256
8a42a2645cc4cb24fe64133576f30a107a4166586f3af936baca069bf07d2945

SHA512
0d6353860a84fa39b139fd3e49185809081cf857271728db52624bd434f0874d59b4cc3b49a0a626054884effe4a4d19343fb7967f85fd8ae052ff360598901f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
a99d204c81ab26172a3d59d9db92c0da

SHA1
21b9213874e92ddac9b0636a0659834ba8fd391b

SHA256
91ef417a91a303c117e73f37271fda3077f8f8f134bea297a701b3fa03fc6a24

SHA512
6217cf19abb7d20c285da0f2c33249af4735e3db281b8bf2243885131cbc69229d18946635e7e0a1b0e1777d3a6c0f5c5e794f72ceabfe11c937a8161b8ccd4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
edcc43972773ca2d949043a30b135bba

SHA1
c945c6bf16bfac7c3c5a309e351ecfccb70c79fd

SHA256
41c992021e02a190ede96b5741bcd700e59002790352a67e6a56722bad92a32b

SHA512
fae7167e58c7efea3b04c5f27fa894fda1803fc2d6593d16d7ec41b6fabfda7858db2f59acc1efc67243fe9e93adeb9c8584771f1496d376b1c6cb8ef8ea94fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
059382bec07c1f62ff2ec7d0217090cb

SHA1
7b0f7b3c1f687ab1273a6ab0f8cfb812ecfde46d

SHA256
8cff0008a9327b6701e570c807d1cfb59ece483cde7c3b7a92053b049baad1fd

SHA512
d69a105b4c23e824613ec5efdac93fee187721141b9064bf1c21a8f6d0b4d696d10b3061a167036c7fa7eaae697bd3241d7d52595154bb67457590513a6fcc69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
0bf84d9e5030ab4fdff33e52ab8c9c64

SHA1
47f96b3c775538ec214de2a6ff0abcaae46c56a4

SHA256
c5361522dea193184387427c2e8d773daefd4bab3282b96e04bc0e52a21a4e7f

SHA512
7fd206070a07aac5d1619689e47c7eb08fefa002484c73653b7831fc14a5dbbc2828cec66875f760a32e203b4551388f18ebdf469b24eaa6ba249b3532f9fc23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
78ef85bc0686dc4ee6313bd7b43e9c11

SHA1
0986f6b281a43d715a08c757b46333f0119f98ec

SHA256
5930ae6358d4329029ecf1c01ac4152c83289cc410a324c5967d8793bcbd8b2c

SHA512
dd103e629aaa3e1a7a38e2661161ef80006a3b80f040b0e27bf0cbb173c6c01e3fd042d6d37c0621038ebff4144939a9a86de2593eca6adf16a638f3ca2f8fba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
453B

MD5
f6cea477b109f5727f9308aad3d5fd09

SHA1
edfc3ca94fbd58dbc0a4d96deb8db6ed171deef5

SHA256
7c04610ab72f839cce8d51ffc8e2a0e0f0fdd6dc2c11450ef8099441d4ebc1eb

SHA512
e028d6a3c477f1873ffb50e75697ab2e195ebc3c58879f2d7897bd2603a231c25e34b878f5e7c271f353d4a9f5315e90f11a5b54ac92e5a09426640e7e03ab80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
383B

MD5
1264bfff23f5725848bee4a15e66d563

SHA1
a233c072b7dcc8baa6b6302d5455dfaae15a8736

SHA256
ca5432781544a7919603ab0cc823aeac6fc0a3be35581f46b6d0e5c097d23f46

SHA512
bfab5bc13dca2453880b8564ec075cb79eac4f840fcb2a864e6e8e0c8c3291596afbcb58409cf8f2ec8bf72857786c5fc62f7bb9e512c424003c486d81e3a9b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
388B

MD5
c26095c0c4021d512795e3ad99036ebb

SHA1
7490a37e0060d26330772b3dc17cec9455a0b960

SHA256
c532d24485ea53da0610ea15cf8ea441794905e194d35de26c75660b6cd9b583

SHA512
1ef208650f3569d07779f38c4ea49a73026e7fdca128ad49c48f18bc251ebf2dff3d3aea761e012bb9af2c82f77f5cdc156be95226b37eec3c4853ce590373b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
453B

MD5
5a0754310ace4dce4e1f2b093e124af2

SHA1
84429d2f07c373ab31fda14ffcf12b6223a01f24

SHA256
bb6d896582093c6c03ad8ce371dee5cedc9445011e0e07b7f42f5b60f511d8fb

SHA512
d98bd2cb3810d7c4a615ce6dcf1f7099d3575f7f900de8713e1f7e52d1bf56eda3d4fd214cfaf3b604417c2216a7dc47f707fcdf902e18b83fcdcc0a4b0c0310

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bde64cee44c558fe0e36eb08b5f4f29f

SHA1
84ce4c3693de393043d917023cf623dba846863b

SHA256
4e94eb9c0d01662c4fe2f5ea7d9ce08a66833c9a628d4be78236878b0bf20984

SHA512
f248f852ebfca2df1aa56a1178395ca19882377f255f5efb2609a6c1c5301c63292dfee83d49170397d99119c4e5ad3c0068735225f4b9bae21a9e43a7afe8de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
96965f8d4aeb5acb752c93821e3901ba

SHA1
ce18af307ac7afc4027a6f3ac6d971da1f47ebf1

SHA256
c1e510aed0b0f8b401274cdc001ec1932e530d373df0f0e5d2b8cd042841e761

SHA512
04445a1cb01b91a3a9407c5df2c12c2a4a93cd3bbe79b6f3b82882fb28079bc233625005deb071f4b0ce11e4a1042c2ae1fcebf5d3dc54f0d602a1b86f2e35de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d1717c1a4b73c1b3d17fefc52942af33

SHA1
7ce04f4149c2f7c725ea7ad4bb2dcd750eb76e51

SHA256
fe49214059fcc58ddc561461e4c114922abe3c53b5e3f1006b4c86e915116fe7

SHA512
4c1f3c47c4cd6e0f53aed36ef4d3404f5d022fc05e22dd522c5269a1483d88b2c4a10dce478d3b3f9625e881709208136dbbcd90b16b4f542bbcd729cc81d1a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c124911490de61bd69a182db274e4e0c

SHA1
5f769ba12b9db02b61a1b4fa85e75ce36fda468c

SHA256
7fd6505ce0a851e0f52b60bd85f08346f6b101366968c188930ec15488a5225a

SHA512
1058e447621eb1e8ad4ed96bfd721f711fffe59f7bbadcee68565b0cafbb531b03f8bf45cf6fc4313ab78baa6494fe5bd612cafdc6f870eea4a0b6d4a486c737

Download Submit